From owner-freebsd-isp  Thu Nov 14 16:45:49 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D65C137B401
	for <freebsd-isp@FreeBSD.ORG>; Thu, 14 Nov 2002 16:45:47 -0800 (PST)
Received: from blue.centerone.com (blue.centerone.com [204.133.183.111])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6BAFF43E4A
	for <freebsd-isp@FreeBSD.ORG>; Thu, 14 Nov 2002 16:45:47 -0800 (PST)
	(envelope-from rf-list@centerone.com)
Received: from localhost (rf-list@localhost)
	by blue.centerone.com (8.9.3/8.9.3) with ESMTP id RAA08685;
	Thu, 14 Nov 2002 17:54:39 -0700
Date: Thu, 14 Nov 2002 17:54:39 -0700 (MST)
From: Ralph Forsythe <rf-list@centerone.com>
To: Paul Schenkeveld <fb-isp@psconsult.nl>
Cc: Lewis Watson <lists@visionsix.com>, <freebsd-isp@FreeBSD.ORG>
Subject: Re: su and root password
In-Reply-To: <20021114231432.A51618@psconsult.nl>
Message-ID: <Pine.LNX.4.44.0211141751240.8484-100000@blue.centerone.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

On Thu, 14 Nov 2002, Paul Schenkeveld wrote:

> Hi,
>
> If you want to use su behind ssh and did not succeed because su cannot
> read a password from /dev/tty then try the -t option of ssh to force
> sshd to allocate a pty even if this is not an interactive session:
>
<snip!>
>
> I use this construction all the time for things I want to execute as
> root on another machine because I don't want to set up sudo on every
> machine (I'm the only administrator on most machines anyway).
>
> Hope this helps you or someone else.

It's interesting for sure - but would this not then require that he put
the root password into a script, which would by nature be unencrypted?  I
would shoot anyone who did that on my servers.

There are ways to push sudo configs to multiple machines (not that this
guy needs it) in case you didn't know that - it was either discussed on
this list or openbsd-misc, I cannot remember where I saw it.  Either way a
search should find that info.

- Ralph


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message